-
pcre3 (2:8.35-3.3+deb8u4) jessie; urgency=medium
* Non-maintainer upload.
* Add 0001-Fixed-an-issue-with-nested-table-jumps.patch.
Fixes issue with nested table jumps. (Closes: #819050)
-- Salvatore Bonaccorso <email address hidden> Fri, 25 Mar 2016 19:58:10 +0100
-
pcre3 (2:8.35-3.3+deb8u2) jessie; urgency=medium
* Non-maintainer upload.
* Add additional CVE references and bug closer to previous changelog.
CVE-2015-2327 fix was included in the previous 2:8.35-3.3+deb8u1 upload.
CVE-2015-8384 different issue than CVE-2015-3210 but fixed with same
commit.
CVE-2015-8388 different issue than CVE-2015-5073 but fixed with same
commit.
Add bug closer to bugs in the BTS retrospectively.
* Add 0001-Fix-compile-time-loop-for-recursive-reference-within.patch.
CVE-2015-2328: Stack-based buffer overflow in compile_regex().
* Add 794589-information-disclosure.patch.
CVE-2015-8382: Fix "pcre_exec does not fill offsets for certain regexps"
leading to information disclosure. (Closes: #794589)
* Add 0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch.
CVE-2015-8383: Buffer overflow caused by repeated conditional group.
* Add 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch.
CVE-2015-8385: Buffer overflow caused by forward reference by name to
certain group.
* Add 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch.
CVE-2015-8386: Buffer overflow caused by lookbehind assertion.
* Add 0001-Add-integer-overflow-check-to-n-code.patch.
CVE-2015-8387: Integer overflow in subroutine calls.
* Add 0001-Fix-overflow-when-ovector-has-size-1.patch.
CVE-2015-8380: Heap-based buffer overflow in pcre_exec. (Closes: #806467)
* Add 0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch.
CVE-2015-8389: Infinite recursion in JIT compiler when processing
certain patterns.
* Add 0001-Fix-bug-for-classes-containing-sequences.patch.
CVE-2015-8390: Reading from uninitialized memory when processing certain
patterns.
* Add 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch.
CVE-2015-8391: Some pathological patterns causes pcre_compile() to run
for a very long time.
* Add 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch.
CVE-2015-8392: Buffer overflow caused by certain patterns with
duplicated named groups.
* Add 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch.
CVE-2015-8393: Information leak when running pcgrep -q on crafted
binary.
* Add 0001-Add-missing-integer-overflow-checks.patch.
CVE-2015-8394: Integer overflow caused by missing check for certain
conditions.
* Add 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch.
CVE-2015-8381: Heap Overflow in compile_regex().
CVE-2015-8395: Buffer overflow caused by certain references.
(Closes: #796762)
-- Salvatore Bonaccorso <email address hidden> Tue, 29 Dec 2015 09:19:11 +0100
-
pcre3 (2:8.35-3.3) unstable; urgency=medium
* Non-maintainer upload.
* Upstream patch for heap buffer overflow, CVE-2014-8964, taken from
1:8.36-1 (Closes: #770478)
Thanks to Salvatore Bonaccorso for the reminder.
-- Ivo De Decker <email address hidden> Sat, 06 Dec 2014 19:58:19 +0100
-
pcre3 (1:8.36-1) unstable; urgency=medium
* New upstream release
* Upped shlibs dependency to 8.35 (Closes: #767903)
* Upstream patch for heap buffer overflow, CVE-2014-8964 (Closes: #770478)
-- Mark Baker <email address hidden> Mon, 24 Nov 2014 22:41:12 +0000
-
pcre3 (1:8.35-3.2) unstable; urgency=low
* Non-maintainer upload with maintainer permission.
* Disable JIT on x32 and powerpcspe (Closes: #760327).
-- Thorsten Glaser <email address hidden> Wed, 12 Nov 2014 14:30:23 +0000
-
pcre3 (1:8.35-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Enable build hardening flags (closes: #656008).
-- Michael Gilbert <email address hidden> Fri, 19 Sep 2014 01:48:23 +0000
-
pcre3 (1:8.35-3) unstable; urgency=medium
Thanks to Simon McVittie for all of the work on this:
* Run tests with VERBOSE=1 so we can see the logs for failing tests
(Closes: #755052)
* Apply part of upstream r1472 to fix undefined behaviour when parsing
{n} or {m,n} quantifiers, which causes mis-parsing and test failures
under gcc 4.9 (Closes: #751828)
-- Mark Baker <email address hidden> Wed, 23 Jul 2014 21:19:41 +0100
-
pcre3 (1:8.31-5) unstable; urgency=medium
* Previous attempt at detecting JIT support didn't work when cross
compiling. Now runs the host compiler, and doesn't try to run the
output (Closes: 745222)
-- Mark Baker <email address hidden> Wed, 23 Apr 2014 21:00:35 +0100
-
pcre3 (1:8.31-4) unstable; urgency=medium
* Enable JIT compilation only on architectures where it is supported -
fixes FTBFS on ones where it isn't (Closes: 745114)
* Verbose build logs (Closes: 745069)
-- Mark Baker <email address hidden> Fri, 18 Apr 2014 10:06:31 +0100
-
pcre3 (1:8.31-2) unstable; urgency=low
* Build -dev package as Multi-arch: same. Thanks Steve Langasek / Ubuntu
for the patch (Closes: 696217)
-- Mark Baker <email address hidden> Thu, 03 Jan 2013 20:30:05 +0000
-
pcre3 (1:8.30-5) unstable; urgency=low
* There is no use in including debug information for the libraries from
the udeb in the debug package; more importantly, because the
installation system isn't multiarch, if they are included they result
in arch specific files in arch independent paths (debug package is
Multi-arch:same). Removed. (Closes: #670018)
-- Mark Baker <email address hidden> Tue, 01 May 2012 22:38:42 +0100
